Securing Railways from Cyber Attacks

Internet Protocol (IP)-based technologies offer tremendous benefits to railways by supporting mission-critical operational services that improve safety, reliability and efficiency, as well as conveniences such as on-board broadband for passengers. Photo: Nokia

Modern communication networks have transformed society — along with the Internet, smartphones and the vast array of applications and services we all rely on to make our daily lives more enjoyable and productive as a result. These same Internet Protocol (IP)-based technologies also offer tremendous benefits to railways by supporting mission-critical operational services that improve safety, reliability and efficiency, as well as conveniences such as on-board broadband for passengers.

The shift toward IP-based networks and internet of things (IoT) technologies driving the required digital transformation in railway is bringing substantial benefits. While these benefits are actively being explored and implemented by railway operators worldwide, it also introduces a variety of new challenges — most notable among them is cybersecurity. Why? By their nature these technologies tend to have more direct connections to the internet and public networks, which provides potential ‘on-ramps’ for attacks. They also feature many more interconnections between devices such as surveillance cameras, sensors, meters, payment systems and on-board information systems. Increasingly, these connections are wireless, which can also increase the potential for exploitation.

The risks to railways are well-documented and substantial, and many governments around the world have adopted an aggressive posture when it comes to protecting critical infrastructure. As stewards of one of the most critical public assets, railway operators are naturally very invested in developing protection measures to help ensure that their passengers and freight reach their destinations safely and without delay.

The risks to railways are well-documented and substantial, and many governments around the world have adopted an aggressive posture when it comes to protecting critical infrastructure.

In general, the volume and variety of cyberattacks are increasing and becoming more sophisticated. However, the greater dangers to railway infrastructure are simple, less nefarious instances of human error; things like configuration problems, compliance failures and inattention. Even managing routine threats such as malware and viruses, and dealing with the volume of alerts, can be overwhelming for IT departments. This is why, regardless of the nature of the threat, railway operators need more robust network security to protect their infrastructure.Interestingly, the systems that can make them vulnerable — communications networks — are also one of a railway operator’s biggest assets when it comes to threat mitigation. How? The kinds of advanced networks available today can very effectively identify and monitor new threats, analyze the nature of those threats and provide the means to deal with malicious or inadvertent data breaches.

What has become clear in recent years is that there is no “silver bullet’ technology that can solve a railway operator’s cybersecurity problems. A systematic, comprehensive approach is needed that covers both technology-based interventions and business processes, such as:

Clearly defined regulations and policies

Incident response plans

Techniques and devices that can identify and characterize suspicious activity

End-to-end security infrastructure

Robust analytics capabilities

Security automation

This final item is perhaps most critical because automation can enable railway operators to manage repeatable, often-recurring actions without the direct engagement or intervention of security personnel; while at the same time giving them the capability to deal which the huge volume of security incidents happening every day. This approach can serve as a kind of force multiplier, enabling cybersecurity personnel to focus on resolving the most unique threats — and is critical given the relative shortage of available talent in the industry. The shortage of cybersecurity personnel is a global challenge, and one that makes it relatively impractical to rely too heavily on incident response strategies that depend on manual intervention.

The greater dangers to railway infrastructure are simple, less nefarious instances of human error; things like configuration problems, compliance failures and inattention.

Of course, as threats evolve, so must the techniques and technologies used to address them. One promising capability is machine learning, which can be used to analyze threat data from throughout the network, including connected devices of all types and cloud-based services. Essentially, the network can learn to identify potential security gaps that can be quickly mitigated.

Ultimately, the goal is to put in place a multi-layered defense strategy that can use technology judiciously to best leverage limited human resources, while not relying entirely on technology-based approaches.

By doing the hard work up front, and putting a cybersecurity mitigation strategy in place, railway operators can avoid the headache of accidents and delays, and their associated revenue impacts. This can also burnish their brands, giving the riding public the assurance that the railway operator is doing its utmost to make sure their passengers arrive at their destination safely and on time.

Mobility is rapidly changing, with new service offerings, electrification and an increasing impact on our basic transportation choices, from car ownership to having a major impact on public transportation ridership.